пре 2 дана · 9001a68cdd
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ All notable changes to Gogs are documented in this file.
 
															 ### Fixed
														
 
															 - _Security:_ Cross-repository LFS object overwrite via missing content hash verification. [#8166](https://github.com/gogs/gogs/pull/8166) - [GHSA-gmf8-978x-2fg2](https://github.com/gogs/gogs/security/advisories/GHSA-gmf8-978x-2fg2)
														
 
															+- _Security:_ DOM-based XSS via issue meta selection on the issue page. [#8178](https://github.com/gogs/gogs/pull/8178) - [GHSA-vgjm-2cpf-4g7c](https://github.com/gogs/gogs/security/advisories/GHSA-vgjm-2cpf-4g7c)
														
 
															 ### Removed
														
--- a/public/js/gogs.js
+++ b/public/js/gogs.js
@@ -240,29 +240,19 @@ function initCommentForm() {
 
															       }
														
 
															       switch (input_id) {
														
 
															         case "#milestone_id":
														
 
															-          $list
														
 
															-            .find(".selected")
														
 
															-            .html(
														
 
															-              '<a class="item" href=' +
														
 
															-                $(this).data("href") +
														
 
															-                ">" +
														
 
															-                $(this).text() +
														
 
															-                "</a>"
														
 
															-            );
														
 
															+          var $milestoneAnchor = $('<a class="item"></a>');
														
 
															+          $milestoneAnchor.attr("href", $(this).data("href"));
														
 
															+          $milestoneAnchor.text($(this).text());
														
 
															+          $list.find(".selected").empty().append($milestoneAnchor);
														
 
															           break;
														
 
															         case "#assignee_id":
														
 
															-          $list
														
 
															-            .find(".selected")
														
 
															-            .html(
														
 
															-              '<a class="item" href=' +
														
 
															-                $(this).data("href") +
														
 
															-                ">" +
														
 
															-                '<img class="ui avatar image" src=' +
														
 
															-                $(this).data("avatar") +
														
 
															-                ">" +
														
 
															-                $(this).text() +
														
 
															-                "</a>"
														
 
															-            );
														
 
															+          var $assigneeAnchor = $('<a class="item"></a>');
														
 
															+          $assigneeAnchor.attr("href", $(this).data("href"));
														
 
															+          $assigneeAnchor.append(
														
 
															+            $('<img class="ui avatar image">').attr("src", $(this).data("avatar"))
														
 
															+          );
														
 
															+          $assigneeAnchor.append($("<span></span>").text($(this).text()));
														
 
															+          $list.find(".selected").empty().append($assigneeAnchor);
														
 
															       }
														
 
															       $(".ui" + select_id + ".list .no-select").addClass("hide");
														
 
															       $(input_id).val($(this).data("id"));